[Snort-devel] Snort >= 2.1.3 TCP/IP options bug

Martin Roesch roesch at ...402...
Thu Oct 14 07:36:26 EDT 2004


Hey Evrim,

It looks like it was built on a Linux system, so the TCP data structures 
don't map 1-to-1 over to *BSD systems.  It's also missing an include 
file before netinet/ip.h for the definition of n_long; it looks like it 
needs in_systm.h on OS X.  Here's gcc output on my Mac (OS X 10.3.5):

[frylock ~]$ gcc -c poc.c
In file included from poc.c:11:
/usr/include/netinet/ip.h:178: error: parse error before "n_long"
/usr/include/netinet/ip.h:181: error: parse error before "n_long"
/usr/include/netinet/ip.h:183: error: parse error before '}' token
/usr/include/netinet/ip.h:184: error: parse error before '}' token
poc.c: In function `main':
poc.c:46: error: structure has no member named `source'
poc.c:47: error: structure has no member named `dest'
poc.c:48: error: structure has no member named `seq'
poc.c:49: error: structure has no member named `ack'
poc.c:50: error: structure has no member named `res1'
poc.c:51: error: structure has no member named `doff'
poc.c:52: error: structure has no member named `syn'
poc.c:53: error: structure has no member named `window'
poc.c:54: error: structure has no member named `check'
poc.c:55: error: structure has no member named `urg_ptr'

This is one of the reasons that I implement local protocol structs in 
Snort for packet decoding: the code in /usr/include/netinet isn't 
necessarily portable across platforms.

Just an FYI, thought you might be interested.

      -Marty

On Oct 13, 2004, at 1:02 PM, Evrim ULU wrote:

> Jeff Nathan wrote:
> | If anyone attaches proof of concept code to a bug report, please write
> | portable code.
> |
>
> Hi,
>
> Which line is non-portable? Or is this a joke? (It is only 77 lines, how
> non-portable can it be?) (Yeah, I simply ignored win32 users, don't care
> about them, they have to learn POSIX compliance.)
>
> Evrim.
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
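
The approach described in the message above (local protocol structs instead of the ones in /usr/include/netinet), sketched as an added example; it is not code from Snort or from this thread. The struct, field, macro and function names are hypothetical, and the sample packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Locally defined TCP header: no <netinet/tcp.h>, so neither the Linux field
 * names (source, doff, syn) nor the BSD ones are needed. Names hypothetical. */
typedef struct {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  hdr_len;   /* header length in bytes (data offset * 4) */
    uint8_t  flags;     /* raw flag byte */
    uint16_t window, checksum, urg_ptr;
} local_tcp_hdr;

#define LOCAL_TCP_MIN_HDR 20
#define LOCAL_TH_SYN      0x02

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode byte by byte in network order; 0 on success, -1 if malformed. */
int local_tcp_decode(const uint8_t *buf, size_t len, local_tcp_hdr *out)
{
    if (buf == NULL || out == NULL || len < LOCAL_TCP_MIN_HDR)
        return -1;
    out->sport   = rd16(buf);       out->dport    = rd16(buf + 2);
    out->seq     = rd32(buf + 4);   out->ack      = rd32(buf + 8);
    out->hdr_len = (uint8_t)((buf[12] >> 4) * 4);
    out->flags   = buf[13];
    out->window  = rd16(buf + 14);  out->checksum = rd16(buf + 16);
    out->urg_ptr = rd16(buf + 18);
    /* Options live in [20, hdr_len): reject offsets that lie about the size. */
    if (out->hdr_len < LOCAL_TCP_MIN_HDR || out->hdr_len > len) return -1;
    return 0;
}

/* Constructed sample: SYN, port 1234 -> 80, data offset 6, one MSS option. */
static const uint8_t sample_syn[24] = {
    0x04,0xd2, 0x00,0x50, 0,0,0,1, 0,0,0,0,
    0x60,0x02, 0x20,0x00, 0,0, 0,0, 0x02,0x04,0x05,0xb4 };

int main(void) {
    local_tcp_hdr h;
    if (local_tcp_decode(sample_syn, sizeof sample_syn, &h) != 0) return 1;
    printf("%u -> %u syn=%d hdr_len=%u\n", h.sport, h.dport,
           (h.flags & LOCAL_TH_SYN) != 0, h.hdr_len);
    return 0;
}
```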




